From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: lkml <linux-kernel@vger.kernel.org>,
"Andrew G. Morgan" <morgan@kernel.org>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Ulrich Drepper <drepper@redhat.com>,
linux-api@vger.kernel.org, James Morris <jmorris@namei.org>
Subject: Re: [PATCH resend] define convenient securebits masks for prctl users
Date: Thu, 29 Oct 2009 09:05:47 -0500 [thread overview]
Message-ID: <20091029140547.GC15713@us.ibm.com> (raw)
In-Reply-To: <20091029133306.0cb87521.sfr@canb.auug.org.au>
Quoting Stephen Rothwell (sfr@canb.auug.org.au):
> Hi Serge,
>
> On Wed, 28 Oct 2009 09:02:36 -0500 "Serge E. Hallyn" <serue@us.ibm.com> wrote:
> >
> > [ Are there any objections to exporting securebits.h? If not,
> > can this patch be pushed to linux-next? ]
>
> I am not sure which tree this belongs in? Maybe security-testing (James
> cc'd)?
I don't know why that didn't occur to me! Thanks, I'll pursue
that :)
> > diff --git a/include/linux/securebits.h b/include/linux/securebits.h
> > index d2c5ed8..9ad109e 100644
> > --- a/include/linux/securebits.h
> > +++ b/include/linux/securebits.h
> > @@ -1,6 +1,13 @@
> > #ifndef _LINUX_SECUREBITS_H
> > #define _LINUX_SECUREBITS_H 1
> >
> > +/* Each securesetting is implemented using two bits. One bit specifies
> > + whether the setting is on or off. The other bit specify whether the
> > + setting is locked or not. A setting which is locked cannot be
> > + changed from user-level. */
> > +#define issecure_mask(X) (1 << (X))
> > +#define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits))
>
> You want this second define protected by ifdef __KERNEL__ ...
True, userspace doesn't need to see those. Will sanitize and resend.
thanks,
-serge
prev parent reply other threads:[~2009-10-29 14:05 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-28 14:02 [PATCH resend] define convenient securebits masks for prctl users Serge E. Hallyn
[not found] ` <20091028140236.GA8157-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-29 2:33 ` Stephen Rothwell
2009-10-29 14:05 ` Serge E. Hallyn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091029140547.GC15713@us.ibm.com \
--to=serue@us.ibm.com \
--cc=drepper@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).